News and information on the misuse of technology for political reasons.
Politically motivated computer crime covers a wide range of activity promoting the objectives of individuals, groups or nations supporting a variety of causes, such as anti-globalization, trans-national conflicts and protest.

Saturday, July 03, 2010

North Korea Not Believed to Be Responsible for 2009 Attacks

A series of attacks targeting U.S. government and South Korean web sites during early July of 2009 were initially blamed on North Korea:

"In the days after the fast-moving, widespread attack, analysis pointed to North Korea as the likely starting point because code used in the attack included Korean language and other indicators."

But according to unnamed "cybersecurity experts" in the article, this no longer appears to be the case. Of course, with the same type of flawed analysis, the "experts" can now speculate who else might be involved:

"These officials point suspicions at South Koreans, possibly activists, who are concerned about the threat from North Korea and would be looking to ramp up antagonism toward their neighbor."

The article, as usual, provides few or no details that can be independently analyzed and appears to be confused about the exact nature of the attack. It first describes the attacks as "...crippling strikes, known as "denial of service" attacks" but later says "...the attacks were largely restricted to vandalizing the public Web pages..." of the victims.

That confusion aside, this is another classic case of "cybersecurity experts" trying to use only technical analysis to determine motive. By itself, it just doesn't work (see Analyzing the Google Attacks - Plenty of Room for Mistakes). To assume that the use of the Korean language in attack code implies the source is North (or South) Korea is a very weak inference. It might be true, but other explanations (such as a Korean national in San Francisco or a Korean speaker in Japan) are equally likely.

It requires more than a few technical indicators to develop a strong case showing source and motive.

About Kent Anderson

Kent Anderson has more than 24 years of experience in security and is Managing Director of Encurve, LLC.
Mr. Anderson is a recognized expert on security and politically motivated computer crime and has been quoted by numerous publications including the Washington Post, WSJ, CNN, AP, Reuters, USA Today, LA Business Daily, Singapore Business Times, Danish National Radio and the BBC.
He has held positions as Senior VP of IT Security and Investigations with an international risk consultancy, as Director of Analysis & Investigations with PwC and as the European Info Security Manager for Digital Equipment Corporation.
He has provided assistance to law enforcement and government agencies including the FBI, US Secret Service, DoD, DoJ, FLETC, Scotland Yard, The German BKA, the Russian MVD and Norwegian, Danish and Swiss police. He provided consulting to OECD on international harmonization of computer crime laws and the British Parliament on the development of the UK’s Computer Misuse Act.
Mr. Anderson is a Certified Information Security Manager. He has served on Motorola’s Research Visionary Board for Security, and ISACA’s Security Management Advisory Board.